Skip to content

greenbone/keycloak-client-golang

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

320 Commits
.github
.github
 
 
auth
auth
 
 
client
client
 
 
.gitignore
.gitignore
 
 
.golangci.yml
.golangci.yml
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
changelog.toml
changelog.toml
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
version.go
version.go
 
 

Repository files navigation

Greenbone Logo

GitHub releases

Golang Keycloak Client

This repository contains a reusable connector for Keycloak.

Authorization

See auth/example_test.go for example usage or snippet below:

import "github.com/greenbone/keycloak-client-golang/auth"

func main() {
    realmInfo := auth.KeycloakRealmInfo{
        RealmId:               "user-management",             // keycloak realm name
        AuthServerInternalUrl: "http://keycloak:8080/auth",   // keycloak server internal url
        AuthServerPublicUrl:   "http://localhost:28080/auth", // keycloak server public url (jwt issuer)
    }
    
    authorizer, err := auth.NewKeycloakAuthorizer(realmInfo)
    if err != nil {
        log.Fatal(fmt.Errorf("error creating keycloak token authorizer: %w", err))
        return
    }

    authMiddleware, err := auth.NewGinAuthMiddleware(authorizer.ParseRequest)
    if err != nil {
        log.Fatal(fmt.Errorf("error creating keycloak auth middleware: %w", err))
        return
    }

    gin.SetMode(gin.TestMode)
    router := gin.Default()
    router.Use(authMiddleware) // wire up auth middleware

    router.GET("/test", func(c *gin.Context) {
        userContext, err := auth.GetUserContext(c)
        if err != nil {
            _ = c.AbortWithError(http.StatusInternalServerError, err)
            return
        }

        c.String(http.StatusOK, fmt.Sprintf("%#v", userContext))
        // Output:
        //
        // &auth.UserContext{
        //     Realm: "user-management", 
        //     UserID: "1927ed8a-3f1f-4846-8433-db290ea5ff90", 
        //     UserName: "initial", 
        //     EmailAddress: "[email protected]", 
        //     Roles: []string{""offline_access", "uma_authorization", "user", "default-roles-user-management"}, 
        //     Groups: []string{"user-management-initial"}, 
        //     AllowedOrigins: []string{"http://localhost:3000"},
        // }
    })
}

Steps:

  • create a realm info struct with realm id and keycloak internal url (inside docker/k8s) from environment variables,
  • create keycloak authorizer via auth.NewKeycloakAuthorizer and pass the realm info,
  • create gin middleware via auth.NewGinAuthMiddleware with ParseRequest method of the authorizer. It will check Authorization header for the bearer token and Origin header for an allowed origin. It will put decoded claims into gin context
  • wire up auth middleware to routes you decide
  • inside routes use auth.GetUserContext to get decoded token claims as a user context object from gin context

Maintainer

This project is maintained by Greenbone AG

Contributing

Your contributions are highly appreciated. Please create a pull request on GitHub. Bigger changes need to be discussed with the development team via the issues section at GitHub first.

License

Copyright (C) 2020-2023 Greenbone AG

Licensed under the GNU General Public License v3.0 or later.

About

Reusable keycloak client for golang

Topics

go backend extended 3rdgen opensight opensight-asset

Resources

Readme

License

AGPL-3.0 license
Activity
Custom properties

Stars

3 stars

Watchers

8 watching

Forks

0 forks
Report repository

Releases 12

keycloak-client-golang 0.2.2 Latest
Nov 4, 2024
+ 11 releases

Packages

No packages published

Contributors 10

Languages